01-29-2013 12:19 PM - edited 03-04-2019 06:53 PM
With à customer we have à site to site VPN connection. In this tunnel there is one subnet routed with a 3des-sha encryption / hash. Now the want to add a new subnet in this tunnel, but with a AES-128 / MD5 encryption / hash. Is it correct if we make a new crypto map with a higher seq. number?
Sent from Cisco Technical Support iPad App
Solved! Go to Solution.
01-29-2013 01:11 PM
No problem, so you would want to modify your transform set then to include aes and modify your crypto acl to include the new network, and of course make sure both sides of the tunnel have the same crypto and ipsec settings.
01-29-2013 12:26 PM
If you add a new crypto map with a higher sequence #, that will only affect the phase 1 portion of the tunnel creation. If you want to use aes on the IPSec tunnel itself, you'd want to modify the transform set being used as well. However, I'm not entirely clear on what you're looking to do. Do you want to add a second subnet to your crypto map and existing tunnel, or are you trying to create a 2nd tunnel to the same endpoint with different encryption standards for some reason?
01-29-2013 12:38 PM
I want to add a second subnet to the existing tunnel, but the customer wants to use a different encryption method on phase 2. Sorry for my knowledge. I'm just new to networking.
Sent from Cisco Technical Support iPad App
01-29-2013 01:11 PM
No problem, so you would want to modify your transform set then to include aes and modify your crypto acl to include the new network, and of course make sure both sides of the tunnel have the same crypto and ipsec settings.
01-31-2013 05:16 AM
Thanks, this was the right solution. It's all working fine now.
Sent from Cisco Technical Support iPad App
01-29-2013 01:44 PM
Thank you. Tomorrow I need to do the change and I think it will be successful.
Sent from Cisco Technical Support iPhone App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide